Synoptic analysis techniques for intrusion detection in wireless networks

Current system administrators are missing intrusion alerts hidden by large numbers of false positives. Rather than accumulation more data to identify true alerts, we propose an intrusion detection tool that e?ectively uses select data to provide a picture of ?network health?. Our hypothesis is that by utilizing the data available at both the node and cooperative network levels we can create a synoptic picture of the network providing indications of many intrusions or other network issues. Our major contribution is to provide a revolutionary way to analyze node and network data for patterns, dependence, and e?ects that indicate network issues. We collect node and network data, combine and manipulate it, and tease out information about the state of the network. We present a method based on utilizing the number of packets sent, number of packets received, node reliability, route reliability, and entropy to develop a synoptic picture of the network health in the presence of a sinkhole and a HELLO Flood attacker. This method conserves network throughput and node energy by requiring no additional control messages to be sent between the nodes unless an attacker is suspected. We intend to show that, although the concept of an intrusion detection system is not revolutionary, the method in which we analyze the data for clues about network intrusion and performance is highly innovative

Security, trust and cooperation in wireless sensor networks

Wireless sensor networks are a promising technology for many real-world applications such as critical infrastructure monitoring, scientific data gathering, smart buildings, etc.. However, given the typically unattended and potentially unsecured operation environment, there has been an increased number of security threats to sensor networks. In addition, sensor networks have very constrained resources, such as limited energy, memory, computational power, and communication bandwidth. These unique challenges call for new security mechanisms and algorithms. In this dissertation, we propose novel algorithms and models to address some important and challenging security problems in wireless sensor networks. The first part of the dissertation focuses on data trust in sensor networks. Since sensor networks are mainly deployed to monitor events and report data, the quality of received data must be ensured in order to make meaningful inferences from sensor data. We first study a false data injection attack in the distributed state estimation problem and propose a distributed Bayesian detection algorithm, which could maintain correct estimation results when less than one half of the sensors are compromised. To deal with the situation where more than one half of the sensors may be compromised, we introduce a special class of sensor nodes called \textit{trusted cores}. We then design a secure distributed trust aggregation algorithm that can utilize the trusted cores to improve network robustness. We show that as long as there exist some paths that can connect each regular node to one of these trusted cores, the network can not be subverted by attackers. The second part of the dissertation focuses on sensor network monitoring and anomaly detection. A sensor network may suffer from system failures due to loss of links and nodes, or malicious intrusions. Therefore, it is critical to continuously monitor the overall state of the network and locate performance anomalies. The network monitoring and probe selection problem is formulated as a budgeted coverage problem and a Markov decision process. Efficient probing strategies are designed to achieve a flexible tradeoff between inference accuracy and probing overhead. Based on the probing results on traffic measurements, anomaly detection can be conducted. To capture the highly dynamic network traffic, we develop a detection scheme based on multi-scale analysis of the traffic using wavelet transforms and hidden Markov models. The performance of the probing strategy and of the detection scheme are extensively evaluated in malicious scenarios using the NS-2 network simulator. Lastly, to better understand the role of trust in sensor networks, a game theoretic model is formulated to mathematically analyze the relation between trust and cooperation. Given the trust relations, the interactions among nodes are modeled as a network game on a trust-weighted graph. We then propose an efficient heuristic method that explores network heterogeneity to improve Nash equilibrium efficiency

Contention techniques for opportunistic communication in wireless mesh networks

Auf dem Gebiet der drahtlosen Kommunikation und insbesondere auf den tieferen Netzwerkschichten sind gewaltige Fortschritte zu verzeichnen. Innovative Konzepte und Technologien auf der physikalischen Schicht (PHY) gehen dabei zeitnah in zelluläre Netze ein. Drahtlose Maschennetzwerke (WMNs) können mit diesem Innovationstempo nicht mithalten. Die Mehrnutzer-Kommunikation ist ein Grundpfeiler vieler angewandter PHY Technologien, die sich in WMNs nur ungenügend auf die etablierte Schichtenarchitektur abbilden lässt. Insbesondere ist das Problem des Scheduling in WMNs inhärent komplex. Erstaunlicherweise ist der Mehrfachzugriff mit Trägerprüfung (CSMA) in WMNs asymptotisch optimal obwohl das Verfahren eine geringe Durchführungskomplexität aufweist. Daher stellt sich die Frage, in welcher Weise das dem CSMA zugrunde liegende Konzept des konkurrierenden Wettbewerbs (engl. Contention) für die Integration innovativer PHY Technologien verwendet werden kann. Opportunistische Kommunikation ist eine Technik, die die inhärenten Besonderheiten des drahtlosen Kanals ausnutzt. In der vorliegenden Dissertation werden CSMA-basierte Protokolle für die opportunistische Kommunikation in WMNs entwickelt und evaluiert. Es werden dabei opportunistisches Routing (OR) im zustandslosen Kanal und opportunistisches Scheduling (OS) im zustandsbehafteten Kanal betrachtet. Ziel ist es, den Durchsatz von elastischen Paketflüssen gerecht zu maximieren. Es werden Modelle für Überlastkontrolle, Routing und konkurrenzbasierte opportunistische Kommunikation vorgestellt. Am Beispiel von IEEE 802.11 wird illustriert, wie der schichtübergreifende Entwurf in einem Netzwerksimulator prototypisch implementiert werden kann. Auf Grundlage der Evaluationsresultate kann der Schluss gezogen werden, dass die opportunistische Kommunikation konkurrenzbasiert realisierbar ist. Darüber hinaus steigern die vorgestellten Protokolle den Durchsatz im Vergleich zu etablierten Lösungen wie etwa DCF, DSR, ExOR, RBAR und ETT.In the field of wireless communication, a tremendous progress can be observed especially at the lower layers. Innovative physical layer (PHY) concepts and technologies can be rapidly assimilated in cellular networks. Wireless mesh networks (WMNs), on the other hand, cannot keep up with the speed of innovation at the PHY due to their flat and decentralized architecture. Many innovative PHY technologies rely on multi-user communication, so that the established abstraction of the network stack does not work well for WMNs. The scheduling problem in WMNs is inherent complex. Surprisingly, carrier sense multiple access (CSMA) in WMNs is asymptotically utility-optimal even though it has a low computational complexity and does not involve message exchange. Hence, the question arises whether CSMA and the underlying concept of contention allows for the assimilation of advanced PHY technologies into WMNs. In this thesis, we design and evaluate contention protocols based on CSMA for opportunistic communication in WMNs. Opportunistic communication is a technique that relies on multi-user diversity in order to exploit the inherent characteristics of the wireless channel. In particular, we consider opportunistic routing (OR) and opportunistic scheduling (OS) in memoryless and slow fading channels, respectively. We present models for congestion control, routing and contention-based opportunistic communication in WMNs in order to maximize both throughput and fairness of elastic unicast traffic flows. At the instance of IEEE 802.11, we illustrate how the cross-layer algorithms can be implemented within a network simulator prototype. Our evaluation results lead to the conclusion that contention-based opportunistic communication is feasible. Furthermore, the proposed protocols increase both throughput and fairness in comparison to state-of-the-art approaches like DCF, DSR, ExOR, RBAR and ETT

Intelligent IoT Traffic Classification Using Novel Search Strategy for Fast Based-Correlation Feature Selection in Industrial Environments

[EN] Internet of Things (IoT) can be combined with machine learning in order to provide intelligent applications to the network nodes. Furthermore, IoT expands these advantages and technologies to the industry. In this paper, we propose a modification of one of the most popular algorithms for feature selection, fast-based-correlation feature (FCBF). The key idea is to split the feature space in fragments with the same size. By introducing this division, we can improve the correlation and, therefore, the machine learning applications that are operating on each node. This kind of IoT applications for industry allows us to separate and prioritize the sensor data from the multimedia-related traffic. With this separation, the sensors are able to detect efficiently emergency situations and avoid both material and human damage. The results show the performance of the three FCBF-based algorithms for different problems and different classifiers, confirming the improvements achieved by our approach in terms of model accuracy and execution time.This paper was supported in part by the Ministerio de Economia y Competitividad del Gobierno de Espana and the Fondo de Desarrollo Regional within the project Inteligencia distribuida para el control y adaptacion de redes dinamicas definidas por software under Grant TIN2014-57991-C3-1-P, in part by the Ministerio de Educacion, Cultura y Deporte, through the Ayudas para contratos predoctorales de Formacion del Profesorado Universitario FPU (Convocatoria 2015) under Grant FPU15/06837, and in part by the Ministerio de Economia y Competitividad in the Programa Estatal de Fomento de la Investigacion Cientifica y Tecnica de Excelencia, Subprograma Estatal de Generacion de Conocimiento within the Project TIN2017-84802-C2-1-P. (Corresponding author: Jaime Lloret.)Egea, S.; Rego Mañez, A.; Carro, B.; Sánchez-Esguevillas, A.; Lloret, J. (2018). Intelligent IoT Traffic Classification Using Novel Search Strategy for Fast Based-Correlation Feature Selection in Industrial Environments. IEEE Internet of Things. 5(3):1616-1624. https://doi.org/10.1109/JIOT.2017.2787959S161616245

A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack. © 1998-2012 IEEE

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Smart Wireless Sensor Networks

The recent development of communication and sensor technology results in the growth of a new attractive and challenging area - wireless sensor networks (WSNs). A wireless sensor network which consists of a large number of sensor nodes is deployed in environmental fields to serve various applications. Facilitated with the ability of wireless communication and intelligent computation, these nodes become smart sensors which do not only perceive ambient physical parameters but also be able to process information, cooperate with each other and self-organize into the network. These new features assist the sensor nodes as well as the network to operate more efficiently in terms of both data acquisition and energy consumption. Special purposes of the applications require design and operation of WSNs different from conventional networks such as the internet. The network design must take into account of the objectives of specific applications. The nature of deployed environment must be considered. The limited of sensor nodes� resources such as memory, computational ability, communication bandwidth and energy source are the challenges in network design. A smart wireless sensor network must be able to deal with these constraints as well as to guarantee the connectivity, coverage, reliability and security of network's operation for a maximized lifetime. This book discusses various aspects of designing such smart wireless sensor networks. Main topics includes: design methodologies, network protocols and algorithms, quality of service management, coverage optimization, time synchronization and security techniques for sensor networks

Wireless Sensor Networks

The aim of this book is to present few important issues of WSNs, from the application, design and technology points of view. The book highlights power efficient design issues related to wireless sensor networks, the existing WSN applications, and discusses the research efforts being undertaken in this field which put the reader in good pace to be able to understand more advanced research and make a contribution in this field for themselves. It is believed that this book serves as a comprehensive reference for graduate and undergraduate senior students who seek to learn latest development in wireless sensor networks

On traffic analysis in anonymous communication networks

In this dissertation, we address issues related to traffic analysis attacks and the engineering in anonymous communication networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures that can defeat various traffic analysis attacks. In this dissertation, we first focus on a particular class of traffic analysis attack, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link at a mix with that over an output link of the same mix. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. We find that a mix with any known batching strategy may fail against flow correlation attacks in the sense that, for a given flow over an input link, the adversary can correctly determine which output link is used by the same flow. We theoretically analyze the effectiveness of a mix network under flow correlation attacks. We extend flow correlation attack to perform flow separation: The flow separation attack separates flow aggregates into either smaller aggregates or individual flows. We apply blind source separation techniques from statistical signal processing to separate the traffic in a mix network. Our experiments show that this attack is effective and scalable. By combining flow separation and frequency spectrum matching method, a passive attacker can get the traffic map of the mix network. We use a non-trivial network to show that the combined attack works. The second part of the dissertation focuses on engineering anonymous communication networks. Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. We propose a new measure for the anonymity degree, which takes into account possible heterogeneity. We model the effectiveness of single mixes or of mix networks in terms of information leakage and measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown